Project

General

Profile

HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 3

Denis Savitskiy, 2014-11-27 14:21
preformatted code

1 1 Patrick Ludikhuyze
h1. HowTo configure a single sign-on into Redmine from an other App on the same server
2
3
We had an App on our server and wanted to integrate Redmine into it.
4
We configured an LDAP authentication which made it possible for users to login with the same username and password.
5
But I didn't much like them needing to login again every time they needed to open Redmine helpdesk/issue tracking part of our site.
6
7
Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.
8
9
h3. Basic Steps
10
11
* Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
12
  The same way LDAP authentication reads the info from my Apps tables, I now create or update the user from my App into Redmine user table.
13
  This also ensures that any modification to user name and e-mail are properly synced to Redmine long after initial creation.
14
15
* Configure Redmine to allow Autologin (Settings - Authentication) for the minimal 1 day
16
  We also chose to not use Self registration but that could be site specific.
17
  OpenID and Rest API authentication are not required for this to work; it depends on your use of Redmine.
18
19
* Configure the use of autologin cookie also in config/configuraion.yml
20 3 Denis Savitskiy
<pre>
21
autologin_cookie_name: autologin
22
autologin_cookie_path: /
23
autologin_cookie_secure: false
24
</pre>
25 1 Patrick Ludikhuyze
26
  P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further.
27
28
* Delete existing autologin token from Redmine DB
29 3 Denis Savitskiy
<pre>
30
SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;
31
</pre>
32 1 Patrick Ludikhuyze
33
* Create our new autologin token into Redmine DB
34
  Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)
35 3 Denis Savitskiy
<pre>
36
SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());
37
</pre>
38 1 Patrick Ludikhuyze
39
* Create cookie with autologin token
40
  This will be specific to your App but here's the syntax for PHP using above generated sha1 with a validity of 4 hours:
41 3 Denis Savitskiy
<pre>
42
setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');
43
</pre>
44 1 Patrick Ludikhuyze
45
  Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI).
46
47
* Sanitise command line to forward URL arguments to Redmine
48 2 Patrick Ludikhuyze
  I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App.  So when Redmine sends e-mails, the click through URLs go trough my App, request the proper login and pass the rest of the URL to Redmine.
49 1 Patrick Ludikhuyze
  That would be site specific but shouldn't be too hard.
50
51
That should do the trick!
52
53
Happy Redmining ;-)